On Mon, Jan 12, 2015 at 4:35 PM, Mike Hammett <na...@ics-il.net> wrote:
> So the preferred alternative is to simply do nothing at all? That seems fair.

fairly certain I didn't say that, no. I think that lots of smarter-than-me folk have already chimed in with options... All I wanted to do with this was to note I didn't say 'do nothing'.

-chris

> ----- Original Message -----
>
> From: "Christopher Morrow" <morrowc.li...@gmail.com>
> To: "Brandon Ross" <br...@pobox.com>
> Cc: "Mike Hammett" <na...@ics-il.net>, "NANOG list" <nanog@nanog.org>
> Sent: Monday, January 12, 2015 3:05:14 PM
> Subject: Re: DDOS solution recommendation
>
> On Mon, Jan 12, 2015 at 3:17 PM, Brandon Ross <br...@pobox.com> wrote:
>> On Sun, 11 Jan 2015, Mike Hammett wrote:
>>
>>> I know that UDP can be spoofed, but it's not likely that the SSH, mail,
>>> etc. login attempts, web page hits, etc. would be spoofed as they'd have to
>>> know the response to be of any good.
>>
>>
>> Okay, so I'm curious. Are you saying that you do not automatically block
>> attackers until you can confirm a 3-way TCP handshake has been completed,
>> and therefore you aren't blocking sources that were spoofed? If so, how are
>> you protecting yourself against SYN attacks? If not, then you've made it
>> quite easy for attackers to deny any source they want.
>
> this all seems like a fabulous conversation we're watching, but really
> .. if someone wants to block large swaths of the intertubes on their
> systems it's totally up to them, right? They can choose to not be
> functional all they want, as near as I can tell... and arguing with
> someone with this mentality isn't productive, especially after several
> (10+? folk) have tried to show and tell some experience that would
> lead to more cautious approaches.
>
> If mike wants less packets, that's all cool... I'm not sure it's
> actually solving anything, but sure, go right ahead, have fun.
>
> -chris
>
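The quoted exchange turns on one design question for any reactive blocker: should it act on events whose source address could be forged (a bare SYN, a UDP datagram), or only on events that can exist after a completed TCP handshake (a failed SSH login, a web hit)? The following Python is an added illustration and is not part of the thread or anyone's posted code; the event kinds, the never-block range and the sample addresses (TEST-NET prefixes) are constructed placeholders. It builds the block list both ways over the same constructed traffic so the difference is visible: the naive counter blocks an address that only appeared as the claimed source of SYNs and DNS queries, while the handshake-gated counter does not.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Event:
    src: str           # source address as the server saw it
    proto: str         # "tcp" or "udp"
    kind: str          # what happened, e.g. "syn", "ssh_auth_fail", "dns_query"
    established: bool  # True only if the event occurred inside a completed TCP session


# Event kinds a peer can only produce after the 3-way handshake has completed.
# Placeholder names: map them to whatever your own log parser emits.
POST_HANDSHAKE_KINDS = {"ssh_auth_fail", "http_hit", "smtp_auth_fail"}

# Addresses that must never be auto-blocked (constructed: e.g. monitoring hosts).
NEVER_BLOCK = [ip_network("192.0.2.0/24")]

THRESHOLD = 5  # events per source before a block is issued


def is_spoof_resistant(ev: Event) -> bool:
    """Can ev.src be trusted as the real origin? Only for post-handshake TCP events."""
    return ev.proto == "tcp" and ev.established and ev.kind in POST_HANDSHAKE_KINDS


def protected(addr: str) -> bool:
    """Never-block guard, applied to both strategies."""
    ip = ip_address(addr)
    return any(ip in net for net in NEVER_BLOCK)


def naive_blocklist(events, threshold=THRESHOLD):
    """Count every event, regardless of whether the source could be forged."""
    counts = Counter(ev.src for ev in events)
    return {src for src, n in counts.items() if n >= threshold and not protected(src)}


def spoof_resistant_blocklist(events, threshold=THRESHOLD):
    """Count only events whose source address is proven by a completed handshake."""
    counts = Counter(ev.src for ev in events if is_spoof_resistant(ev))
    return {src for src, n in counts.items() if n >= threshold and not protected(src)}


# Constructed sample traffic (TEST-NET addresses, not real hosts):
SAMPLE_EVENTS = (
    # 203.0.113.7: six failed SSH logins inside real TCP sessions, a genuine brute-forcer
    [Event("203.0.113.7", "tcp", "ssh_auth_fail", True)] * 6
    # 198.51.100.9: fifty SYNs and ten UDP queries that merely *claim* this source
    + [Event("198.51.100.9", "tcp", "syn", False)] * 50
    + [Event("198.51.100.9", "udp", "dns_query", False)] * 10
    # 192.0.2.10: a never-block host that also fails auth a lot
    + [Event("192.0.2.10", "tcp", "ssh_auth_fail", True)] * 8
    # 203.0.113.50: three failed logins, below threshold
    + [Event("203.0.113.50", "tcp", "ssh_auth_fail", True)] * 3
)


if __name__ == "__main__":
    print("naive          :", sorted(naive_blocklist(SAMPLE_EVENTS)))
    print("spoof-resistant:", sorted(spoof_resistant_blocklist(SAMPLE_EVENTS)))
```

The gating answers the "deny any source they want" half of the question; it deliberately does not answer the SYN-flood half, because a blocker that ignores bare SYNs cannot mitigate a SYN flood at all. That load has to be absorbed by a mechanism that never trusts the source address, such as SYN cookies or upstream rate limiting, rather than by adding forged addresses to a block list.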